WO2017028323A1 - Radio frequency fingerprint-based cross-layer authentication method - Google Patents
- Publication number
- WO2017028323A1 (PCT/CN2015/087880)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- radio frequency
- frequency fingerprint
- legal
- sender
- data packet
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/79—Radio fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W72/00—Local resource management
- H04W72/04—Wireless resource allocation
- H04W72/044—Wireless resource allocation based on the type of the allocated resource
- H04W72/0446—Resources in time domain, e.g. slots or frames
Definitions
- the present invention relates to the field of information security technologies, and in particular, to a cross-layer authentication method based on radio frequency fingerprint.
- a security scheme for a lightweight cipher machine based on TESLA technology is proposed.
- although TESLA is one of the best known solutions, it still requires synchronization between nodes and is vulnerable to denial of service attacks.
- the attacker blocks the legitimate sender by continuously sending time synchronization requests.
- Most wireless communication solutions now only authenticate the first frame when accessing the network, and do not authenticate subsequent packets. This can lead to many security issues, such as ID tracking, man-in-the-middle attacks, and malicious node attacks.
- the uniqueness of the radio frequency (RF) fingerprint is another important resource for identifying the state of the transmitter. This uniqueness is related to the electrical components, the printed circuit board traces, the internal paths of the integrated circuits, and the filter output of the wireless transmitter as displayed by a high-precision, high-bandwidth oscilloscope, and the differences can be reflected in the transient signals.
- the RF fingerprints of devices from different manufacturers vary widely. According to reports, even the radio frequency fingerprints on the same series of wireless network cards are different; thus the radio frequency fingerprints are very different and can be used to identify wireless transmitters.
- the object of the present invention is to overcome the deficiencies of the prior art and provide a cross-layer authentication method based on radio frequency fingerprint, which has the characteristics of low complexity, small delay and high precision, and is very suitable for a resource-limited authentication environment.
- a cross-layer authentication method based on radio frequency fingerprint, including the following steps:
- the legal sender A sends the first data packet to the legal receiver B, and upper layer authentication is performed on the first data packet.
- if the upper layer authentication succeeds, the trust connection between the legal sender A and the legal receiver B is established, and the process proceeds to step S2;
- if the upper layer authentication fails, step S1 is repeated;
- the legal receiver B extracts the radio frequency fingerprint feature vector of the legal sender A, and stores the radio frequency fingerprint feature vector in the memory of the legal receiver B;
- the sender X sends the second data packet to the legal receiver B, and the legal receiver B extracts the radio frequency fingerprint feature vector of the sender X.
- the legal receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X in step S3 according to the radio frequency fingerprint feature vector, that is, determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
- if the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication is successful, the sender X is the legal sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legal receiver B, and the process returns to step S3;
- if the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legal receiver B discards the second data packet, and the process returns to step S1.
- the upper layer authentication uses digital signature authentication based on public key infrastructure or TESLA based authentication.
- step S1 includes the following substeps:
- the legal sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the public/private key pair <pubK_A, priK_A> is Cert_A,
- the virtual ID of the public/private key pair <pubK_A, priK_A> is PVID_A;
- the legal recipient B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the public/private key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the public/private key pair <pubK_B, priK_B> is PVID_B;
- the legitimate sender A uses the private key priK_A to sign the hash message of the first data packet, and the first data packet is represented as , and the first data packet is then sent to the legal recipient B, i.e.:
- if the signature verification succeeds, the legal recipient B considers the sender of the first data packet to be the legal sender A, and a trust connection between the legitimate sender A and the legitimate receiver B is established;
- if the signature verification fails, the legal receiver B discards the first data packet and the process returns to step S12.
- the steps of the legal receiver B extracting the radio frequency fingerprint feature vector of the legal sender A and the legal receiver B extracting the radio frequency fingerprint feature vector of the sender X include the following steps:
- the legal receiver B receives the radio frequency signal
- the legal receiver B uses the Hilbert transform to parse the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal, and detects the transient signal by the phase detection method;
- the legal receiver B obtains a smooth instantaneous envelope curve by using a wavelet analysis transform method
- the identifiers used in the step S5 for performing radio frequency fingerprint authentication are an SVM recognizer and a BP neural network recognizer.
- the verification algorithm for performing radio frequency fingerprint authentication in the step S5 is a likelihood ratio test method or a sequential probability ratio test method.
- the step of setting a threshold is also included before the step S5.
- the radio frequency fingerprint feature sample in the step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legal recipient B.
- the present invention performs upper-layer identity authentication of the first data packet, using public key infrastructure-based digital signature authentication or TESLA-based authentication, only when a trusted connection is being established between the legal sender A and the legitimate recipient B;
- the authentication of subsequent data packets is realized by radio frequency fingerprint authentication, which has the characteristics of low computational complexity and small delay;
- the time interval between the two time slots may be several hours or even several days in the case that the radio frequency fingerprint authentication does not fail and the communication is always connected;
- FIG. 1 is a flowchart of a cross-layer authentication method based on radio frequency fingerprint according to the present invention
- Figure 3 is an embodiment of the present invention.
- the cross-layer authentication method based on radio frequency fingerprint includes the following steps:
- the legal sender A sends the first data packet to the legal receiver B, and performs upper layer authentication on the first data packet.
- if the upper layer authentication succeeds, the trust connection between the legal sender A and the legal receiver B is established, and the process proceeds to step S2;
- if the upper layer authentication fails, step S1 is repeated.
- the identity authentication of the first data packet uses digital signature authentication based on public key infrastructure or TESLA based authentication.
- step S1 includes the following sub-steps:
- the legal sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the public/private key pair <pubK_A, priK_A> is Cert_A,
- the virtual ID of the public/private key pair <pubK_A, priK_A> is PVID_A;
- the legal recipient B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the public/private key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the public/private key pair <pubK_B, priK_B> is PVID_B; the public/private key pair <pubK_A, priK_A> and the public/private key pair <pubK_B, priK_B> have a lifetime of a few minutes.
- the legitimate sender A uses the private key priK_A to sign the hash message of the first data packet, and the first data packet is represented as , and the first data packet is then sent to the legal recipient B, i.e.:
- T 1 current timestamp
- if the signature verification succeeds, the legal recipient B considers the sender of the first data packet to be the legitimate sender A, and a trusted connection between the legitimate sender A and the legitimate receiver B is established.
- if the signature verification fails, the legal receiver B discards the first data packet and the process returns to step S12.
- the legal receiver B extracts the radio frequency fingerprint feature vector of the legal sender A, and stores the radio frequency fingerprint feature vector in the memory of the legal receiver B.
- the sender X sends the second data packet to the legal receiver B, and the legal receiver B extracts the radio frequency fingerprint feature vector of the sender X.
- the steps of the legal receiver B extracting the radio frequency fingerprint feature vector of the legal sender A and the legal receiver B extracting the radio frequency fingerprint feature vector of the sender X include the following steps:
- the legal receiver B receives the radio frequency signal
- the legal receiver B uses the Hilbert transform to parse the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal, and detects the transient signal by the phase detection method;
- the legal receiver B obtains a smooth instantaneous envelope curve by using a wavelet analysis transform method
- the radio frequency fingerprint feature sample in the step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legal receiver B, that is, the legal receiver B determines the radio frequency fingerprint feature vector and the radio frequency of the sender X.
- the radio frequency fingerprint feature vector sample includes the kS-1th to k-1th radio frequency fingerprint feature vectors stored by the legal receiver B, wherein the value of S is determined by the verification algorithm.
- the legal receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the stored radio frequency fingerprint feature vectors, that is, it determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors included in the radio frequency fingerprint feature vector sample;
- if the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication is successful, the sender X is the legal sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legal receiver B, and the process returns to step S3;
- if the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legal receiver B discards the second data packet, and the process returns to step S1.
- the identifiers used in the step S5 for performing radio frequency fingerprint authentication are an SVM recognizer and a BP neural network recognizer.
- the legal receiver B uses the SVM identifier and the BP neural network identifier to identify the radio frequency fingerprint feature vector according to the radio frequency fingerprint feature vector sample, thereby performing radio frequency fingerprint verification on the received data packet.
- the verification algorithm for performing radio frequency fingerprint authentication in the step S5 is a likelihood ratio test method or a sequential probability ratio test method.
- the verification algorithm determines the RF fingerprint feature vector contained in the RF fingerprint feature vector sample.
- the step of setting a threshold is also included before the step S5.
- the invention performs upper-layer identity authentication of the first data packet, using public key infrastructure-based digital signature authentication or TESLA-based authentication, only when the trusted connection is being established between the legal sender A and the legal receiver B; in subsequent time slots, as long as the RF fingerprint authentication does not fail and the communication between the legitimate sender A and the legitimate receiver B remains connected, the legal receiver B only needs to perform radio frequency fingerprint authentication on the received data packets, which has low computational complexity and low delay.
- the time interval between the two time slots may be several hours or even several days when the radio frequency fingerprint authentication does not fail and the communication is always connected; when the radio frequency fingerprint authentication fails, or the communication terminates and the connection needs to be re-established, the upper layer authentication of the data packet is required again.
- the difference in the characteristics of the radio frequency fingerprint can be reflected in the transient signal.
- the attacker E cannot obtain the radio frequency fingerprint feature of the legal sender A extracted by the legal receiver B, and thus cannot tamper with, forward or forge the data packets sent by the legal sender A, which ensures communication security.
- the legitimate sender A sends the first data packet to the legal receiver B
- the legal receiver B uses digital signature authentication based on the public key infrastructure to authenticate the first data packet: if the authentication succeeds, the RF fingerprint feature vector RF_AB,1 of the legal sender A is extracted and saved; if the authentication fails, the current data packet is discarded, the legal sender A resends the first data packet, and the legal recipient B authenticates the first data packet using digital signature authentication based on the public key infrastructure.
- the sender X sends the second data packet to the legal receiver B.
- the legal receiver B extracts the RF fingerprint feature vector RF_AB,2 of the sender X; the legal receiver B uses the likelihood ratio test or the sequential probability ratio test to perform RF fingerprint authentication on the radio frequency fingerprint feature vector RF_AB,2 according to the radio frequency fingerprint feature vector RF_AB,1; if the RF fingerprint authentication is successful, the RF fingerprint feature vector RF_AB,2 is saved, and the sender X sends the next data packet to the legal receiver B; if the RF fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate recipient B authenticates the first data packet using digital signature authentication based on the public key infrastructure.
- the sender X sends the Kth packet to the legal receiver B.
- the legal receiver B extracts the RF fingerprint feature vector RF_AB,k of the sender X, and the legal receiver B uses the likelihood ratio test or the sequential probability ratio test, according to the radio frequency fingerprint feature vectors RF_AB,k-1, . . ., to perform RF fingerprint authentication on the RF fingerprint feature vector RF_AB,k, wherein the value of S is determined by the selected algorithm; if the RF fingerprint authentication is successful, the RF fingerprint feature vector RF_AB,k is saved, and the sender X sends the next data packet to the legal receiver B; if the radio frequency fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legal recipient B authenticates the first data packet using digital signature authentication based on the public key infrastructure.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Disclosed is a radio frequency fingerprint-based cross-layer authentication method. The method comprises the following steps: S1, in a first timeslot, an authorized sender A sends a first data packet to an authorized receiver B, and upper-layer authentication is carried out on the first data packet; S2, a radio frequency fingerprint characteristic vector of the authorized sender A is extracted and stored in a memory of the authorized receiver B; S3, in a next timeslot, a sender X sends a second data packet to the authorized receiver B, and a radio frequency fingerprint characteristic vector of the sender X is extracted; S4, a radio frequency fingerprint characteristic vector sample is set; and S5, a similarity degree between the radio frequency fingerprint characteristic vector of the sender X and the radio frequency fingerprint characteristic vector sample is determined; if the similarity degree is greater than or equal to a set threshold, the radio frequency fingerprint authentication is successful, the radio frequency fingerprint characteristic vector of the sender X is stored, and the method returns to step S3; otherwise, the radio frequency fingerprint authentication fails, the second data packet is discarded, and the method returns to step S1. The method has the characteristics of low complexity, low time delay and high precision.
Description
The present invention relates to the field of information security technologies, and in particular to a cross-layer authentication method based on radio frequency fingerprints.
The openness of wireless communication networks makes it easy for an attacker to inject malicious data or tamper with the contents of legitimate messages during wireless transmission. Broadcast message authentication is an effective defence against most of the attacks that may occur: it lets a given receiver confirm that the data it receives comes from the expected source. Data signature techniques based on public key infrastructure (such as RSA or DSA) involve intensive computation during signature authentication and consume resources heavily, which places a serious burden on mobile devices with very limited resources. With the development of wireless communication, the security and privacy risks of mobile e-commerce have become a focus of attention, and mobile terminals, WiFi network cards and RFID tags all urgently need low-complexity, low-cost authentication. For such resource-constrained situations, a security scheme for a lightweight cipher machine based on TESLA technology has been proposed. Although TESLA is one of the best known solutions, it still requires synchronization between nodes and is vulnerable to denial-of-service attacks, in which an attacker blocks the legitimate sender by continuously sending time synchronization requests, compromising the security strength of the lightweight cipher machine. Most current wireless communication schemes authenticate only the first frame when accessing the network and do not authenticate subsequent data packets, which can lead to many security problems, such as ID tracking, man-in-the-middle attacks and malicious node attacks.
Recently, some researchers have turned to physical layer information to strengthen the security of wireless communication, attempting to combine existing authentication with physical layer authentication schemes based on channel information in order to achieve lightweight, fast authentication. These studies exploit the spatial and temporal uniqueness of the physical layer channel response, so that the channel response between communicating nodes can, like a fingerprint, be recognized only by the legitimate sender and receiver, and they integrate existing message authentication schemes with physical layer authentication mechanisms. However, the spatio-temporal uniqueness of the communication channel is in a high-speed, congested environment, and this approach applies only when the time interval between two time slots is less than the coherence time and the speed of movement is very low. When the interval between the two time slots of the communicating parties is greater than the channel coherence time, they need to perform upper layer authentication.
The uniqueness of the radio frequency (RF) fingerprint is another important resource for identifying the state of the transmitter. This uniqueness is related to the electrical components, the printed circuit board traces, the internal paths of the integrated circuits, and the filter output of the wireless transmitter as displayed by a high-precision, high-bandwidth oscilloscope, and the differences can be reflected in the transient signals. The RF fingerprints of devices from different manufacturers vary widely. According to reports, even the RF fingerprints of wireless network cards from the same series differ; RF fingerprints therefore vary widely and can be used to identify wireless transmitters.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and provide a cross-layer authentication method based on radio frequency fingerprints, which has low complexity, small delay and high precision, and is well suited to resource-constrained authentication environments.
The object of the present invention is achieved by the following technical solution: a cross-layer authentication method based on radio frequency fingerprints, comprising the following steps:
S1. In the first time slot, the legitimate sender A sends the first data packet to the legitimate receiver B, and upper layer authentication is performed on the first data packet;
If the upper layer authentication succeeds, a trust connection between the legitimate sender A and the legitimate receiver B is established, and the process proceeds to step S2;
If the upper layer authentication fails, step S1 is repeated;
S2. The legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and stores it in the memory of the legitimate receiver B;
S3. In the next time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X;
S4. A radio frequency fingerprint feature vector sample is set;
S5. The legitimate receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the stored radio frequency fingerprint feature vectors, that is, it determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication succeeds, the sender X is the legitimate sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legitimate receiver B, and the process returns to step S3;
If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legitimate receiver B discards the second data packet, and the process returns to step S1.
The upper layer authentication uses digital signature authentication based on public key infrastructure or TESLA-based authentication.
When the upper layer authentication uses digital signature authentication based on public key infrastructure, step S1 includes the following sub-steps:
S11. In the first time slot, the legitimate sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the key pair <pubK_A, priK_A> is Cert_A, and the virtual ID of the key pair <pubK_A, priK_A> is PVID_A;
The legitimate receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the key pair <pubK_B, priK_B> is PVID_B;
S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet. The first data packet is represented as , and the first data packet is then sent to the legitimate receiver B, i.e.:
S13. After receiving the first data packet, the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet:
where || is the concatenation operator and T_1 is the current timestamp;
S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet to be the legitimate sender A, and a trust connection between the legitimate sender A and the legitimate receiver B is established;
S15. If the signature verification fails, the legitimate receiver B discards the first data packet, and the process returns to step S12.
The step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X each comprise the following steps:
S01. The legitimate receiver B receives the radio frequency signal;
S02. The legitimate receiver B applies the Hilbert transform to the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, which form the extracted radio frequency fingerprint feature vector.
The recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer.
The test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test.
A step of setting a threshold is also included before step S5.
The radio frequency fingerprint feature sample in step S4 comprises one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B.
The beneficial effects of the invention are:
(1) The invention performs upper-layer identity authentication on the first data packet, using public key infrastructure-based digital signature authentication or TESLA-based authentication, only when the trust connection between the legitimate sender A and the legitimate receiver B is being established. Subsequent data packets are authenticated by radio frequency fingerprint authentication, which gives low computational complexity and small delay;
(2) Because the radio frequency fingerprint feature vector does not change with time, the interval between two time slots can be as long as several hours or even several days, provided that radio frequency fingerprint authentication has not failed and the communication stays connected;
(3) Throughout the communication, because differences in the radio frequency fingerprint feature vectors show up between transient signals, the attacker E cannot obtain the radio frequency fingerprint feature of the legitimate sender A that is extracted by the legitimate receiver B, and therefore cannot tamper with, forward or forge the data packets sent by the legitimate sender A, which ensures communication security.
Figure 1 is a flowchart of the radio frequency fingerprint-based cross-layer authentication method of the present invention;
Figure 2 is a flowchart of extracting the radio frequency fingerprint feature vector in the present invention;
Figure 3 is an embodiment of the present invention.
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.
As shown in Figure 1, the radio frequency fingerprint-based cross-layer authentication method comprises the following steps:
S1. In the first time slot, the legitimate sender A sends the first data packet to the legitimate receiver B, and upper-layer authentication is performed on the first data packet;
If the upper-layer authentication succeeds, a trust connection is established between the legitimate sender A and the legitimate receiver B, and the process proceeds to step S2;
If the upper-layer authentication fails, step S1 is repeated.
The identity authentication of the first data packet uses public key infrastructure-based digital signature authentication or TESLA-based authentication.
When the identity authentication of the first data packet uses public key infrastructure-based digital signature authentication, step S1 comprises the following sub-steps:
S11. In the first time slot, the legitimate sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the key pair <pubK_A, priK_A> is Cert_A, and its virtual ID is PVID_A;
The legitimate receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the key pair <pubK_B, priK_B> is Cert_B, and its virtual ID is PVID_B. The lifetime of the key pairs <pubK_A, priK_A> and <pubK_B, priK_B> is generally a few minutes.
S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet; the first data packet is represented as , and the first data packet is then sent to the legitimate receiver B, i.e.:
S13. After receiving the first data packet, the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet:
where | is the concatenation operator and T_1 is the current timestamp.
S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet to be the legitimate sender A, and a trust connection is established between the legitimate sender A and the legitimate receiver B.
S15. If the signature verification fails, the legitimate receiver B discards the first data packet, and the process returns to step S12.
S2. The legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and stores it in the memory of the legitimate receiver B.
S3. In the next time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X.
As shown in Figure 2, the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X each comprise the following steps:
S01. The legitimate receiver B receives the radio frequency signal;
S02. The legitimate receiver B applies the Hilbert transform to the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, which form the extracted radio frequency fingerprint feature vector.
S4. Set the radio frequency fingerprint feature vector sample. The radio frequency fingerprint feature sample in step S4 comprises one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B. That is, when the legitimate receiver B judges, for the k-th time, the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors contained in the sample, the sample comprises the (k-S-1)-th to (k-1)-th radio frequency fingerprint feature vectors stored by the legitimate receiver B, where the value of S is determined by the test algorithm.
S5. The legitimate receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the radio frequency fingerprint feature vectors, that is, it judges the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors contained in the radio frequency fingerprint feature vector sample;
If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication succeeds and the sender X is the legitimate sender A; the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legitimate receiver B, and the process returns to step S3;
If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails and the sender X is the attacker E; the legitimate receiver B discards the second data packet, and the process returns to step S1.
The recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer. Based on the radio frequency fingerprint feature vector sample, the legitimate receiver B uses the SVM recognizer and the BP neural network recognizer to identify the radio frequency fingerprint feature vector, and thereby performs radio frequency fingerprint verification on the received data packet.
The test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test. The test algorithm determines which radio frequency fingerprint feature vectors the radio frequency fingerprint feature vector sample contains.
A step of setting a threshold is also included before step S5.
The invention performs upper-layer identity authentication on the first data packet, using public key infrastructure-based digital signature authentication or TESLA-based authentication, only when the trust connection between the legitimate sender A and the legitimate receiver B is being established. In subsequent time slots, as long as radio frequency fingerprint authentication has not failed and the communication between the legitimate sender A and the legitimate receiver B remains connected, the legitimate receiver B only needs to perform radio frequency fingerprint authentication on the received data packets, which gives low computational complexity and small delay.
Because the radio frequency fingerprint feature does not change with time, the interval between two time slots can be as long as several hours or even several days, provided that radio frequency fingerprint authentication has not failed and the communication stays connected. When radio frequency fingerprint authentication fails, or when the connection has to be re-established after the communication has ended, upper-layer authentication must be performed on the data packet again. Throughout the communication, because differences in the radio frequency fingerprint features show up between transient signals, the attacker E cannot obtain the radio frequency fingerprint feature of the legitimate sender A that is extracted by the legitimate receiver B, and therefore cannot tamper with, forward or forge the data packets sent by the legitimate sender A, which ensures communication security.
As shown in Figure 3, in the first time slot the legitimate sender A sends the first data packet to the legitimate receiver B, and the legitimate receiver B authenticates the first data packet using public key infrastructure-based digital signature authentication. If the authentication succeeds, the radio frequency fingerprint feature vector RF_{AB,1} of the legitimate sender A is extracted and saved. If the authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using public key infrastructure-based digital signature authentication.
In the second time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector RF_{AB,2} of the sender X. Based on the radio frequency fingerprint feature vector RF_{AB,1}, the legitimate receiver B applies the likelihood ratio test, the sequential probability ratio test or a similar method to perform radio frequency fingerprint authentication on RF_{AB,2}. If the radio frequency fingerprint authentication succeeds, RF_{AB,2} is saved and the sender X sends the next data packet to the legitimate receiver B. If the radio frequency fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using public key infrastructure-based digital signature authentication.
In the K-th time slot, the sender X sends the K-th data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector RF_{AB,k} of the sender X. Based on the radio frequency fingerprint feature vectors RF_{AB,k-1}, ..., RF_{AB,k-S-1}, the legitimate receiver B applies the likelihood ratio test, the sequential probability ratio test or a similar method to perform radio frequency fingerprint authentication on RF_{AB,k}, where the value of S is determined by the selected algorithm. If the radio frequency fingerprint authentication succeeds, RF_{AB,k} is saved and the sender X sends the next data packet to the legitimate receiver B. If the radio frequency fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using public key infrastructure-based digital signature authentication.
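The receiver-side flow of steps S1 to S5 and of the embodiment above, written out as an added Python example (it is not code from the patent). The `Packet` layout, the result strings, the HMAC stand-in for the upper-layer signature check, the 1/(1 + distance) similarity score and the clearing of stored samples on re-authentication are assumptions made for illustration, and the fingerprint vectors are constructed values.

```python
"""Receiver-side (B) control flow for steps S1-S5; illustrative sketch only."""
import hashlib
import hmac
import math
from collections import deque
from dataclasses import dataclass

DEMO_KEY = b"constructed-demo-key"  # constructed value, used only by the stand-in


@dataclass
class Packet:
    payload: bytes
    fingerprint: tuple  # RF fingerprint feature vector B extracted for this packet
    tag: bytes = b""    # upper-layer authenticator; only checked in step S1


def demo_upper_layer_verify(pkt):
    """Stand-in for the upper-layer check of S1 (the patent: PKI signature or TESLA).

    HMAC-SHA256 is swapped in only so the sketch runs on the standard library.
    """
    expected = hmac.new(DEMO_KEY, pkt.payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt.tag)


def similarity(candidate, samples):
    """ASSUMPTION: score = 1 / (1 + d), d = Euclidean distance to the sample mean.

    The patent leaves the decision to an LRT/SPRT test with SVM/BP recognizers.
    """
    dim = len(candidate)
    mean = [sum(s[i] for s in samples) / len(samples) for i in range(dim)]
    return 1.0 / (1.0 + math.dist(candidate, mean))


class CrossLayerReceiver:
    def __init__(self, upper_layer_verify, threshold, window):
        self.verify = upper_layer_verify
        self.threshold = threshold           # set before S5
        self.samples = deque(maxlen=window)  # S4: most recent stored vectors
        self.trusted = False                 # False -> next packet needs S1

    def receive(self, pkt):
        if not self.trusted:
            # S1: upper-layer authentication of the first packet.
            if not self.verify(pkt):
                return "drop:upper-layer"
            # S2: store A's fingerprint. ASSUMPTION: older samples are discarded
            # whenever the trust connection is (re-)established.
            self.samples.clear()
            self.samples.append(pkt.fingerprint)
            self.trusted = True
            return "accept:upper-layer"
        # S3-S5: RF fingerprint authentication only, no signature check.
        if len(pkt.fingerprint) != len(self.samples[0]):
            score = 0.0  # malformed vector can never match
        else:
            score = similarity(pkt.fingerprint, self.samples)
        if score >= self.threshold:
            self.samples.append(pkt.fingerprint)  # stored, then back to S3
            return "accept:rf-fingerprint"
        self.trusted = False                      # sender treated as E, back to S1
        return "drop:rf-fingerprint"


def demo():
    """Run a constructed packet sequence through the receiver."""
    def signed(payload, fp):
        return Packet(payload, fp, hmac.new(DEMO_KEY, payload, hashlib.sha256).digest())

    fp_a1, fp_a2, fp_a3 = (0.90, 0.30, 0.10), (0.91, 0.29, 0.11), (0.90, 0.31, 0.10)
    fp_e = (0.60, 0.50, 0.20)  # constructed fingerprint of a different transmitter
    rx = CrossLayerReceiver(demo_upper_layer_verify, threshold=0.9, window=3)
    return [
        rx.receive(signed(b"pkt-1", fp_a1)),  # S1 succeeds, S2 stores the vector
        rx.receive(Packet(b"pkt-2", fp_a2)),  # S5 succeeds on the fingerprint alone
        rx.receive(Packet(b"pkt-3", fp_e)),   # S5 fails: packet dropped, back to S1
        rx.receive(Packet(b"pkt-4", fp_a3)),  # genuine radio, but S1 is required again
        rx.receive(signed(b"pkt-5", fp_a3)),  # trust connection re-established
        rx.receive(Packet(b"pkt-6", fp_a2)),  # fingerprint-only authentication resumes
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The fourth packet shows the fallback rule in practice: once a fingerprint check fails, even a packet from the genuine transmitter is dropped until a new upper-layer authentication succeeds.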
Claims (8)
- A radio frequency fingerprint-based cross-layer authentication method, characterized by comprising the following steps:
  S1. In the first time slot, the legitimate sender A sends the first data packet to the legitimate receiver B, and upper-layer authentication is performed on the first data packet;
  If the upper-layer authentication succeeds, a trust connection is established between the legitimate sender A and the legitimate receiver B, and the process proceeds to step S2;
  If the upper-layer authentication fails, step S1 is repeated;
  S2. The legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and stores it in the memory of the legitimate receiver B;
  S3. In the next time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X;
  S4. Set the radio frequency fingerprint feature vector sample;
  S5. The legitimate receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the radio frequency fingerprint feature vectors, that is, it judges the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
  If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication succeeds and the sender X is the legitimate sender A; the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legitimate receiver B, and the process returns to step S3;
  If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails and the sender X is the attacker E; the legitimate receiver B discards the second data packet, and the process returns to step S1.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the upper-layer authentication uses public key infrastructure-based digital signature authentication or TESLA-based authentication.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 2, characterized in that, when the upper-layer authentication uses public key infrastructure-based digital signature authentication, step S1 comprises the following sub-steps:
  S11. In the first time slot, the legitimate sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the key pair <pubK_A, priK_A> is Cert_A, and its virtual ID is PVID_A;
  The legitimate receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the key pair <pubK_B, priK_B> is Cert_B, and its virtual ID is PVID_B;
  S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet; the first data packet is represented as , and the first data packet is then sent to the legitimate receiver B, i.e.:
  S13. After receiving the first data packet, the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet:
  where | is the concatenation operator and T_1 is the current timestamp;
  S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet to be the legitimate sender A, and a trust connection is established between the legitimate sender A and the legitimate receiver B;
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X each comprise the following steps:
  S01. The legitimate receiver B receives the radio frequency signal;
  S02. The legitimate receiver B applies the Hilbert transform to the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
  S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
  S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, which form the extracted radio frequency fingerprint feature vector.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that a step of setting a threshold is also included before step S5.
- The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the radio frequency fingerprint feature sample in step S4 comprises one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/310,780 US10251058B2 (en) | 2015-08-19 | 2015-08-24 | Cross-layer authentication method based on radio frequency fingerprint |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510512638.8 | 2015-08-19 | ||
CN201510512638.8A CN105162778B (en) | 2015-08-19 | 2015-08-19 | Cross-layer authentication method based on radio-frequency fingerprint |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017028323A1 true WO2017028323A1 (en) | 2017-02-23 |
Family
ID=54803532
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/087880 WO2017028323A1 (en) | 2015-08-19 | 2015-08-24 | Radio frequency fingerprint-based cross-layer authentication method |
Country Status (3)
Country | Link |
---|---|
US (1) | US10251058B2 (en) |
CN (1) | CN105162778B (en) |
WO (1) | WO2017028323A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022116314A1 (en) * | 2020-12-03 | 2022-06-09 | 深圳大学 | Lightweight active cross-level verification method for smart grid |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635125A (en) * | 2015-12-25 | 2016-06-01 | 电子科技大学 | Physical layer combined authentication method based on RF fingerprint and channel information |
CN105763492B (en) * | 2016-04-26 | 2018-10-19 | 电子科技大学 | Physical layer authentication method based on basis expansion model channel information |
CN105959337B (en) * | 2016-07-25 | 2019-01-29 | 电子科技大学 | A kind of Sybil node recognition methods based on physical layer degree of belief |
CN106446877B (en) * | 2016-11-21 | 2019-07-30 | 电子科技大学 | A kind of radio-frequency fingerprint feature extraction and recognition methods based on signal amplitude sequence |
WO2018098641A1 (en) * | 2016-11-29 | 2018-06-07 | 华为技术有限公司 | Network security protection method and device |
CN107046468B (en) * | 2017-06-14 | 2020-10-02 | 电子科技大学 | Physical layer authentication threshold determination method and system |
WO2019061515A1 (en) * | 2017-09-30 | 2019-04-04 | 深圳大学 | Robust wireless communication physical layer slope authentication method and device |
CN108171183B (en) * | 2018-01-02 | 2021-01-22 | 京东方科技集团股份有限公司 | Display substrate, manufacturing method thereof, display device and fingerprint identification method |
CN108173871B (en) * | 2018-01-19 | 2020-02-21 | 西安电子科技大学 | Wireless network access authentication system and method based on radio frequency fingerprint and biological fingerprint |
CN108960138B (en) * | 2018-07-03 | 2019-07-02 | 南方电网科学研究院有限责任公司 | A kind of equipment authentication feature recognition methods based on convolutional neural networks |
CN108966232B (en) * | 2018-09-28 | 2021-04-20 | 深圳大学 | Service network-based wireless Internet of things physical layer hybrid authentication method and system |
CN109587136B (en) * | 2018-12-05 | 2020-06-19 | 电子科技大学 | Radio frequency fingerprint feature extraction and identification method based on double maximum values |
CN109919015A (en) * | 2019-01-28 | 2019-06-21 | 东南大学 | A kind of radio-frequency fingerprint extraction and recognition methods based on more sampling convolutional neural networks |
CN110035425B (en) * | 2019-04-04 | 2021-10-01 | 中国科学技术大学 | Physical fingerprint extraction method for wireless equipment based on wireless network card |
US11363416B2 (en) * | 2019-10-04 | 2022-06-14 | Samsung Electronics Co., Ltd. | System and method for WiFi-based indoor localization via unsupervised domain adaptation |
NL2024474B1 (en) * | 2019-12-17 | 2020-10-15 | Electric Power Res Institute China Southern Power Grid Co Ltd | A malicious node identification method based on the edge computing |
CN112074002B (en) * | 2020-08-28 | 2023-01-31 | 国网电力科学研究院有限公司 | Access authentication method and system for electric power wireless private network equipment |
CN114997299B (en) * | 2022-05-27 | 2024-04-16 | 电子科技大学 | Radio frequency fingerprint identification method in resource limited environment |
CN115643575B (en) * | 2022-12-26 | 2023-03-10 | 电子科技大学 | Radio frequency fingerprint cross-layer security access authentication method based on block chain under edge calculation |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070005367A1 (en) * | 2005-06-29 | 2007-01-04 | Microsoft Corporation | Radio frequency certificates of authenticity |
CN101594229A (en) * | 2009-06-30 | 2009-12-02 | 华南理工大学 | A kind of trusted network connection system and method based on combined public key |
CN102256249A (en) * | 2011-04-02 | 2011-11-23 | 电子科技大学 | Identity authentication method and equipment applied to wireless network |
CN102904724A (en) * | 2012-10-17 | 2013-01-30 | 南通大学 | Radio-frequency-fingerprint-based challenge-response authentication protocol method |
CN203204630U (en) * | 2013-04-25 | 2013-09-18 | 深圳市雄帝科技股份有限公司 | USBKEY authentication device based on radio frequency identity-authentication card authentication |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7310734B2 (en) * | 2001-02-01 | 2007-12-18 | 3M Innovative Properties Company | Method and system for securing a computer network and personal identification device used therein for controlling access to network components |
CN101277182A (en) * | 2008-03-14 | 2008-10-01 | 北京信联恒业通讯技术有限公司 | Method for acquiring dynamic password based on public key architecture-user personal identification card |
US9560073B2 (en) * | 2011-09-08 | 2017-01-31 | Drexel University | Reconfigurable antenna based solutions for device authentication and intrusion detection in wireless networks |
KR101385929B1 (en) * | 2013-07-17 | 2014-04-16 | (주)세이퍼존 | Certification and storage device with multi connector and finger print sensor |
US9674700B2 (en) * | 2014-11-04 | 2017-06-06 | Qualcomm Incorporated | Distributing biometric authentication between devices in an ad hoc network |
-
2015
- 2015-08-19 CN CN201510512638.8A patent/CN105162778B/en active Active
- 2015-08-24 WO PCT/CN2015/087880 patent/WO2017028323A1/en active Application Filing
- 2015-08-24 US US15/310,780 patent/US10251058B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN105162778A (en) | 2015-12-16 |
CN105162778B (en) | 2018-06-26 |
US20170251364A1 (en) | 2017-08-31 |
US10251058B2 (en) | 2019-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017028323A1 (en) | | Radio frequency fingerprint-based cross-layer authentication method |
Ferrag et al. | | Security for 4G and 5G cellular networks: A survey of existing authentication and privacy-preserving schemes |
US9450756B2 (en) | | Method and system for authenticating entity based on symmetric encryption algorithm |
CN107046468B (en) | | Physical layer authentication threshold determination method and system |
JP5682083B2 (en) | | Suspicious wireless access point detection |
KR101270372B1 (en) | | Authentication for secure wireless communication |
US10764066B2 (en) | | EUICC secure timing and certificate revocation |
CN113614572A (en) | | Base station location authentication |
Zhao et al. | | A robust authentication scheme based on physical-layer phase noise fingerprint for emerging wireless networks |
CN102223637A (en) | | Identity authentication method and system based on wireless channel characteristic |
Weinand et al. | | Physical layer authentication for mission critical machine type communication using Gaussian mixture model based clustering |
CN110035425B (en) | | Physical fingerprint extraction method for wireless equipment based on wireless network card |
US20230319557A1 (en) | | Authentication method and related apparatus |
Shawky et al. | | Adaptive chaotic map-based key extraction for efficient cross-layer authentication in VANETs |
Ma et al. | | A pseudonym based anonymous identity authentication mechanism for mobile crowd sensing |
CN113518083A (en) | | Lightweight security authentication method and device based on device fingerprint and PUF |
Shawky et al. | | Cross-layer authentication based on physical-layer signatures for secure vehicular communication |
Ajit et al. | | Formal Verification of 5G EAP-AKA protocol |
Yan et al. | | A certificateless efficient and secure group handover authentication protocol in 5G enabled vehicular networks |
CN113709729B (en) | | Data processing method, device, network equipment and terminal |
Hemavathi et al. | | Ds2an: Deep stacked sparse autoencoder for secure and fast authentication in hetnets |
Yang et al. | | AKA-PLA: enhanced AKA based on physical layer authentication |
Eze et al. | | Systematic Review on the Recent Trends of Cybersecurity in Automobile Industry |
CN113365275B (en) | | Identity authentication system and method based on infrared communication |
AlAali et al. | | Cybersecurity Threats and Solutions of IoT Network Layer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 15310780; Country of ref document: US |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15901527; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 15901527; Country of ref document: EP; Kind code of ref document: A1 |